From: Markus Koschany <apo@debian.org>
Date: Wed, 30 May 2018 18:56:59 +0200
Subject: CVE-2018-8013
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899374
Origin: https://svn.apache.org/viewvc?view=revision&revision=1831241
---
sources/org/apache/batik/dom/AbstractDocument.java | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/sources/org/apache/batik/dom/AbstractDocument.java b/sources/org/apache/batik/dom/AbstractDocument.java
index c733421..477a134 100644
--- a/sources/org/apache/batik/dom/AbstractDocument.java
+++ b/sources/org/apache/batik/dom/AbstractDocument.java
@@ -2730,9 +2730,13 @@ public abstract class AbstractDocument
Method m = c.getMethod("getDOMImplementation", (Class[])null);
implementation = (DOMImplementation)m.invoke(null, (Object[])null);
} catch (Exception e) {
- try {
- implementation = (DOMImplementation)c.newInstance();
- } catch (Exception ex) {
+ if (DOMImplementation.class.isAssignableFrom(c)) {
+ try {
+ implementation = (DOMImplementation)c.newInstance();
+ } catch (Exception ex) {
+ }
+ } else {
+ throw new SecurityException("Trying to create object that is not a DOMImplementation.");
}
}
}
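Review bot: The new `DOMImplementation.class.isAssignableFrom(c)` guard covers only the `newInstance()` fallback inside `catch (Exception e)`. The `c.getMethod("getDOMImplementation", ...)` and `m.invoke(null, ...)` calls above it still run against whatever class `c` names, so a public static method of that name on an unrelated class is invoked before any type check, and the cast fails only afterwards. If every legitimate factory class is itself a `DOMImplementation` (not visible from this hunk), the guard could be hoisted ahead of the lookup as `if (!DOMImplementation.class.isAssignableFrom(c)) throw new SecurityException("Trying to create object that is not a DOMImplementation.");` placed before `Method m = ...`. The inner `catch (Exception ex) { }` is also still empty, so a failed instantiation leaves `implementation` unset without a trace; a comment or log line stating that this is intentional would help. The enclosing method and the point where `c` is loaded lie outside the hunk.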